2월 27일
시즌 1, 에피소드 8
19분

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

The Exploit Podcast: CVEs and Security News

Week ending 27th Feb, 2025.

Key vulnerabilities to be discussed include:

JWT Validation Failure in JupyterHub
Arbitrary File Upload and SQL Injection in Mattermost, where versions of Mattermost are failing to properly validate board blocks when importing boards and failing to use prepared statements in SQL queries
Path Traversal File Deletion in Mautic, where improper handling of path components allows authenticated users to manipulate file deletion processes
Deserialization of Untrusted Data in MetaSlider, potentially leading to object injection

The podcast will also cover unrestricted file uploads, authentication bypasses, and SQL injection flaws in systems like GreaterWMS, Everest Forms, XOne Web Monitor and Tenda routers.

에피소드 웹페이지

프로그램

The Exploit Podcast: CVEs and Security News
주기

매주 업데이트
발행일

2025년 2월 27일 오후 5:33 UTC
길이

19분
시즌

1
에피소드

8
등급

전체 연령 사용가

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

정보